Extracted

• • Target

    aac2b608faa3ab35732395586ff16be2079127273872e84bbaaba14748959b7e.exe

  • Size

    390KB

  • MD5

    9edb7aa25808ecbc3af123fb9fd6b0da

  • SHA1

    64263771d3f06f25ac3dda729fbb426ee6aabf52

  • SHA256

    aac2b608faa3ab35732395586ff16be2079127273872e84bbaaba14748959b7e

  • SHA512

    fb1ecd28bd64209d91eb972465db94c0f09c97e700344461cc0594acb856d8e71c995663a636887b0ef423f3cd2ef14cfe29e4bd8479283bd8bdefbb8d6b5adf

  • SSDEEP

    6144:TdvWDDYgip0ettyAFBCpf+QasFO2iW+wB3K56tm95w8A2yjuDhewY:ksP0eKfRaD2P+wB3BmrwfRcUw

  Score

  10^/10

  redlinelyla3.22.11discoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2